I need some help, since I don’t know a whole lot when it comes to web security. I run a website that gets decent traffic. Today, I received an alert saying that I had used quite a bit of bandwidth. Thinking it was odd, I looked into it, and found that my normal 1-3 GB a day had turned into 9-15 GB a day.
I checked the visitor logs and found a user agent, node-fetch/1.0 (+https://github.com/bitinn/node-fetch), constantly spamming the home page of my website. By constant, I mean 30-45 times a minute if not more. It only requested the home page and nothing else.
I haven’t been able to find much information on the subject, other than that github link that says it adds window.fetch to Node.js.
I immediately turned on “Under Attack Mode” and that halted the spammer’s requests. I implemented a Firewall rule that matches that user-agent and have it JS Tested. I think turned off Under Attack Mode. The firewall match seems to be deflecting the spammer.
What I need to know is my next steps? Is it safe for me to keep that user-agent match on the firewall? Is there something I can do in the future to prevent this sort of spamming?
Thanks in advance.